
Palo Alto Networks XSOAR-Engineer - Palo Alto Networks XSOAR Engineer

Total 204 questions

A playbook task is set up to run an integration command that takes no input and which outputs information to the context. The integration has several instances configured.

Which action will ensure the integration command only runs once?

A. Specify the using- parameter to target a specific integration instance to run.

B. Click on Advanced Options → Limits to specify the minimum / maximum run limits for a command.

C. Click on Performance → Run Limits to specify the maximum run count before the task exits.

D. Specify the runlimit= parameter to limit the number of times a specific command will run.

Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)

A. When creating incidents from the XSOAR REST API

B. When manually creating an incident from the UI

C. When adding a new analyst account to XSOAR

D. When fetching many different incident types from a single mailbox

Which two functions in XSOAR are incident types used for? (Choose two.)

A. To run dedicated playbooks for different event types

B. To classify events ingested from various sources into the relevant types

C. To classify indicators extracted in XSOAR incidents to their respective types

D. To facilitate role-based access to XSOAR incidents

When uploading content, which two options could the upload include? (Choose two.)

A. Indicators

B. Incidents

C. Reports

D. Fields

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.

What is the main concern when adding these commands?

A. The commands must return a proper result to the war room for the analysts to understand

B. The code may not be written to XSOAR standards

C. The integrations are locked and cannot be edited with additional commands

D. The custom integration will not be maintained and updated by the XSOAR content team

An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.

Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)

A. Open a ticket with the XSOAR support team

B. Create a pull request directly on GitHub

C. Contribute through the XSOAR UI

D. Send an email to contributions@xsoar.com

Which three authentication methods are supported when logging into XSOAR? (Choose three.)

A. OTP token

B. User name and password

C. SAML

D. Active Directory authentication

E. RADIUS

A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?

A. Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with no argument

B. Edit the incident layout to add a new button that calls the AssignToMeButton automation with argument assignBy={me}

C. Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument owner={me}

D. Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument assignBy=current

Which option is available in XSOAR to create the body of a Threat Intel Report?

A. Markdown

B. Grid Fields

C. DOC format

D. JavaScript

What is the primary effect on a new file hash when it is added to the indicator exclusion list?

A. It is not extracted, enriched, or given a new verdict.

B. It is extracted and stored, but an "exclusion" tag is added, requiring manual review before it can affect any incidents.

C. It is processed normally by enrichment automations, but the verdict is set to "benign."

D. It is excluded from intelligence feeds that have a reliability score lower than "B - Usually reliable."